I'm trying create rest api, and it must have authentication. I want use https with basic authentication, but I don't now how it fast and has any so simple and faster authentication methods?
1 回答
The performance issue with basic authentication could be because of the extra round trip for each call, i.e. client sends request then server asks for authentication and then client sends authentication information. Also, this involves storing the username and password for sending them in each call.
Normally, people get around this using token authentication. Initially, client uses basic authentication to send username and password. At this point the server sends a "token" to the client(Normally a cryptic looking string which only the server can decode). The client saves this token and sends it the subsequent requests in a custom HTTP header field. The server checks if the supplied token is valid and it hasn't expired. If it is valid the server knows the client already has been authenticated previously.
Search for Token authentication.
If you are using .NET, this is the best open source implementation http://thinktecture.github.io/Thinktecture.IdentityModel.45/.
I understand this will be built into ASP.NET Web.Api 2.